def update_user(request, user_id):
if not request:
abort(400)
user = session.query(User).filter(User.id == user_id).first()
if not user:
return HttpResponse(403).error(ErrorCode.USER_NFIND)
infos = request.json
verification = check_user_infos(infos)
if verification is not None:
return HttpResponse(403).error(verification)
if 'mail' in infos:
existing = session.query(User).filter(
User.mail == infos['mail']).first()
if existing:
return HttpResponse(403).error(ErrorCode.MAIL_USED)
if 'password' in infos:
hashed = get_hashed_password(infos['password'])
infos['password'] = hashed
infos['date_update'] = datetime.datetime.now()
try:
session.begin()
session.query(User).filter(User.id == user_id).update(infos)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
return HttpResponse(202).success(SuccessCode.USER_UPDATED)
def delete_user(request, user_id):
"""
Delete an user
:param request:
:param user_id:
:return: Httreponse
"""
if not request:
abort(400)
if not check_user_permission(user_id):
error = {
'error':
'Action interdite: Tentative d\'action sur un compte non identifié'
}
return HttpResponse(403).custom(error)
user = session.query(User).filter(User.id == user_id).first()
if not user:
return HttpResponse(403).error(ErrorCode.USER_NFIND)
try:
session.begin()
session.query(User).filter(User.id == user_id).delete()
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
return HttpResponse(202).success(SuccessCode.USER_DELETED)
def get_user(request):
if not request:
abort(400)
if 'mail' in request.args:
user = session.query(User).filter(
User.mail == request.args['mail']).first()
if not user:
return HttpResponse(403).error(ErrorCode.USER_NFIND)
res = {'user': to_dict(user)}
return HttpResponse().custom(res)
users = session.query(User).filter()
res = {'users': [to_dict(x) for x in users]}
return HttpResponse().custom(res)
def post_products(self, request):
#ip serveur benjamin
res = requests.get('http://35.210.200.125:5000/').json()
old_products_list = session.query(Product).filter(
Product.id_user == self.user_connected).all()
id_rfid_list = [product.id_rfid for product in old_products_list]
converted_list = [str(i) for i in id_rfid_list]
res_list = res["product_list"]
new_elements = [
item for item in res_list if item not in converted_list
]
if len(new_elements) == 0:
return HttpResponse(200).custom({
'state':
"J'ai déjà enregistrer tout les produits dans votre armoire."
})
name_new_element = []
for element in new_elements:
link_product_to_user_with_id_rfid(element, self.user_connected)
name_new_element.append(get_product_name_with_rfid(element))
name_to_return = ', '.join(name_new_element)
return HttpResponse(200).custom(
{'state': f'Vous avez ajouté: {name_to_return}'})
def validate_user_access(self, kwargs):
user_connected = session.query(AccessToken).filter(
AccessToken.token == self.token).first()
user_connected = to_dict(user_connected)
if int(user_connected['id_user']) != int(kwargs['user_id']):
return False
return True
def link_product_to_user_with_id_rfid(id_rfid, id_user):
"""
Link a product to with a user by id rfid
:param id_rfid:
:param id_user:
:return: True if the modification is ok
False if not
"""
product = session.query(Product).filter(Product.id_rfid == id_rfid).first()
info = {"date_update": datetime.datetime.now(), "id_user": id_user}
try:
session.begin()
session.query(Product).filter(Product.id_rfid == id_rfid).update(info)
session.commit()
except Exception as e:
session.rollback()
session.flush()
raise e
def __init__(self, token):
"""
:param str token:
"""
self.token = token
self._model = session.query(AccessToken).filter(
AccessToken.token == token).first()
if self._model is None:
raise ValueError(f'Cannot find token {self.token}')
def grant_password(self):
validator = HttpRequestValidator()
validator.throw_on_error(True)
validator.add_param('username', True)
validator.add_param('password', True)
if validator.verify():
username = self.__request.get_param('username')
username = username.lower()
user = session.query(User).filter(User.mail == username).first()
if user and user.is_active != 0 and user.password:
current_pw = user.password
password = self.__request.get_param('password')
if PasswordUtilities.check_password(password, current_pw):
scope = "user"
access_token = AccessToken(
app_id=self.application_id,
type='bearer',
token=uuid.uuid4().hex[:35],
date_insert=datetime.datetime.now(),
id_user=user.id,
expiration_date=arrow.now().shift(hours=+10).datetime,
is_enable=1,
scopes='user')
try:
session.begin()
session.add(access_token)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
refresh_token = RefreshToken(
app_id=self.application_id,
date_insert=datetime.datetime.now(),
token=uuid.uuid4().hex[:35],
is_enable=True,
access_token_id=access_token.id,
)
try:
session.begin()
session.add(refresh_token)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
return access_token, refresh_token
else:
raise Exception('Invalid username or password')
else:
raise Exception('Invalid username or password')
def get_product_name_with_rfid(id_rfid):
"""
return the product name with rfid
:param param:
:param name_colomn_to_search:
:return:
"""
product = session.query(Product).filter(Product.id_rfid == id_rfid).first()
return product.product_name
def get_list_of_product(self, request):
old_products_list = session.query(Product).filter(
Product.id_user == self.user_connected).all()
name_new_element = []
for element in old_products_list:
name_new_element.append(element.product_name)
state_res = 'Dans votre armoire il y a : '
product = ", ".join(name_new_element)
state_res += product
return HttpResponse(200).custom({'state': state_res})
def delete_products(request, product_id):
"""
Delete a product
:param request:
:param product_id:
:return:
"""
if not request:
abort(400)
product = session.query(Product).filter(Product.id == product_id).first()
if not product:
return HttpResponse(403).error(ErrorCode.PRODUCT_NFIND)
try:
session.begin()
session.query(Product).filter(Product.id == product_id).delete()
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
return HttpResponse(202).success(SuccessCode.PRODUCT_DELETED)
def get_app_with_client_id(self, client_id):
"""
Try to fetch an application with this client_id
:param str client_id: The app client_id
:rtype: APIOAuthApplicationModel
"""
app = session.query(AuthApplication).filter(AuthApplication.client_id == client_id).first()
if not app:
raise Exception('Invalid application : app_id.')
return app
def get_products(request, product_id):
if not request:
abort(400)
products = session.query(Product).filter(Product.id == product_id).first()
if not products:
return HttpResponse(403).error(ErrorCode.PRODUCT_NFIND)
product = requests.get(urlopenfoodfact.format(products.id_ean))
return HttpResponse(200).custom({
'success': 'On a retrouvé le produit.',
'position': products.position,
'expiration_date': products.expiration_date,
'id_ean': products.id_ean,
'informations': product.json()
})
def __init__(self, header_token=None):
if not header_token:
raise Exception("Token undefined")
reg = re.compile('Bearer ([A-Za-z0-9-=]+)')
result = reg.findall(header_token)
if not result:
raise Exception("Token undefined")
token = result[0]
user_connected = session.query(AccessToken).filter(
AccessToken.token == token).first()
users = to_dict(user_connected)
self.user_connected = users["id_user"]
def check_user_permission(user_id):
requester = HttpRequest()
token = requester.get_param('accessToken')
timestamp = requester.get_param('oauth_timestamp')
header_token = requester.get_header("Authorization")
if header_token is None:
header_token = requester.get_header("X-Authorization")
if header_token:
reg = re.compile('Bearer ([A-Za-z0-9-_=]+)')
result = reg.findall(header_token)
if result:
token = result[0]
user_connected = session.query(AccessToken).filter(
AccessToken.token == token).first()
user_connected = to_dict(user_connected)
if int(user_connected['id_user']) != int(user_id):
return False
return True
def user_login(self, username, password):
"""
Login an user and return it.
:param str username: User username
:param str password: User password
:rtype: UserModel or None
"""
user = session.query(User) \
.join(AccessToken, User.id == AccessToken.id_user) \
.filter(User.mail == username) \
.add_columns(User.id, User.password, AccessToken.token) \
.first()
#user = session.query(User).filter(User.mail == username).first()
if user is not None:
if check_password(password, user.password.encode()):
return user
else:
return None
else:
return None
def create_user(request):
if not request:
abort(400)
verification = check_user_infos(request.json)
if verification is not None:
return HttpResponse(403).error(verification)
existing = session.query(User).filter(
User.mail == request.json['mail']).first()
if existing:
return HttpResponse(403).error(ErrorCode.MAIL_USED)
hashed = get_hashed_password(request.json['password'])
new_user = User(date_insert=datetime.datetime.now(),
date_update=datetime.datetime.now(),
is_active=1,
status=0,
gender=request.json['gender'],
lastname=request.json['lastname'],
firstname=request.json['firstname'],
mail=request.json['mail'],
password=hashed,
country=request.json['country'],
town=request.json['town'],
street=request.json['street'],
street_number=request.json['street_number'],
region=request.json['region'],
postal_code=request.json['postal_code'])
try:
session.begin()
session.add(new_user)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
app_id = session.query(AuthApplication).filter(
AuthApplication.project_id == "arlex-ccevqe").first().id
access_token = AccessToken(app_id=app_id,
type='bearer',
token=uuid.uuid4().hex[:35],
date_insert=datetime.datetime.now(),
id_user=new_user.id,
expiration_date=datetime.datetime.now() +
datetime.timedelta(weeks=2),
is_enable=1,
scopes="user")
try:
session.begin()
session.add(access_token)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
refresh_token = RefreshToken(
app_id=app_id,
date_insert=datetime.datetime.now(),
token=uuid.uuid4().hex[:35],
is_enable=True,
access_token_id=access_token.id,
)
try:
session.begin()
session.add(refresh_token)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
return HttpResponse(201).success(
SuccessCode.USER_CREATED, {
'id': new_user.id,
'access_token': access_token.token,
'refresh_token': refresh_token.token
})
def grant_authorization_code(self):
validator = HttpRequestValidator()
validator.throw_on_error(False)
validator.add_param('code', True)
validator.add_param('redirect_uri', True)
if not validator.verify():
raise Exception('Invalid code')
code = session.query(AccessToken).filter(
AccessToken.token == self.__request.get_param('code')).first()
if code is None or code.is_enable == 0:
raise Exception('Missing valid code')
info = {"is_enable": 0}
try:
session.begin()
session.query(AccessToken).filter(
AccessToken.id == code.id).update(info)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
if str(code.app_id) != str(self.application_id):
raise Exception('Code does not match your app_id.')
user = self.get_user(code.id_user)
if not user or user.is_active == 0:
raise Exception('Cannot authorize. Account is disabled.')
access_token = AccessToken(
app_id=self.application_id,
type='Bearer',
token=uuid.uuid4().hex[:35],
date_insert=datetime.datetime.now(),
id_user=user.id,
expiration_date=arrow.now().shift(hours=+10).datetime,
is_enable=1,
scopes="user")
try:
session.begin()
session.add(access_token)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
refresh_token = RefreshToken(
app_id=self.application_id,
date_insert=datetime.datetime.now(),
token=uuid.uuid4().hex[:35],
is_enable=True,
access_token_id=access_token.id,
)
try:
session.begin()
session.add(refresh_token)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
return access_token, refresh_token
def get_user(self, user_id):
"""
:rtype: UserModel, ProModel or None
"""
user = session.query(User).filter(User.id == user_id).first()
return user
